http://fg-informatik.unibas.ch/wiki/index.php/Website-Security

1. fg.workshop

2. fg.workshop

3. fg.workshop
> 200’000 Kreditkartendaten
mittels SQL Injection gestohlen
> 40 Millionen Kreditkartendaten
unverschlüsselt abgespeichert

4. fg.workshop

5. fg.workshop
Web Security
"A good programmer is someone who always looks both ways before
crossing a one-way street." — Doug Linder
Marcel Büchler - Ivan Giangreco

6. fg.gallery
fg.workshop
• Galerie zum Hochladen von Bildern
• einfache Benutzerverwaltung
• Benutzer können Bilder bewerten
• PHP, MySQL

7. fg.workshop
Happy Hacking
Finde die Sicherheitslücken.

8. fg.workshop
fg.gallery
• SQL-Injection • Missing Encryption of Sensitive
Data
• Information Exposure through an
Error Message • Use of Hard-coded Credentials
• Missing Authentication for Critical • Session Hijacking
Function
• Use of Blacklists instead of
• Cross-Site-Scripting Whitelists
• Cross-Site-Request Forgery
• Improper Access Control
• Reliance on Untrusted Inputs
(Spoofed HTTP Requests)
• Unrestricted Upload of File with
Dangerous Type

9. fg.workshop
SQL Injection

10. fg.workshop
Cross-Site Scripting (XSS)
Cookie wird an einen fremden Server geschickt!
Und dasselbe hexadezimal codiert:

11. fg.workshop
Session Hijacking

12. fg.workshop
Cross-Site Request Forgery (CSRF)
HTTP Request
HTTP Response
Logged in

13. fg.workshop
Cross-Site Request Forgery (CSRF)
Comment as you like
Comment:
HTTP Request
HTTP Response

14. fg.workshop
Cross-Site Request Forgery (CSRF)
Comment as you like
Comment:
HTTP Request
<img src=”http://
HTTP Response www.server.de/buy.php?
num_of_stocks=1000”/>

15. fg.workshop
Cross-Site Request Forgery (CSRF)
Logged in
HTTP Request
HTTP Request
http://www.server.de/buy.php?num_of_stocks=1000

16. fg.workshop
http://cwe.mitre.org/top25/
http://phpsec.org/projects/guide/

17. fg.workshop
Q&A